# If enabled, accessing NULL address in UEFI or SMM code can be caught.<BR><BR>\r
# BIT0 - Enable NULL pointer detection for UEFI.<BR>\r
# BIT1 - Enable NULL pointer detection for SMM.<BR>\r
- # BIT2..6 - Reserved for future uses.<BR>\r
+ # BIT2..5 - Reserved for future uses.<BR>\r
+ # BIT6 - Enable non-stop mode.<BR>\r
# BIT7 - Disable NULL pointer detection just after EndOfDxe. <BR>\r
# This is a workaround for those unsolvable NULL access issues in\r
# OptionROM, boot loader, etc. It can also help to avoid unnecessary\r
# BIT1 - Enable UEFI pool guard.<BR>\r
# BIT2 - Enable SMM page guard.<BR>\r
# BIT3 - Enable SMM pool guard.<BR>\r
+ # BIT6 - Enable non-stop mode.<BR>\r
# BIT7 - The direction of Guard Page for Pool Guard.\r
# 0 - The returned pool is near the tail guard page.<BR>\r
# 1 - The returned pool is near the head guard page.<BR>\r
## Set image protection policy. The policy is bitwise.\r
# If a bit is set, the image will be protected by DxeCore if it is aligned.\r
# The code section becomes read-only, and the data section becomes non-executable.\r
- # If a bit is clear, the image will not be protected.<BR><BR>\r
+ # If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\r
# BIT0 - Image from unknown device. <BR>\r
# BIT1 - Image from firmware volume.<BR>\r
+ # <BR>\r
+ # Note: If a bit is cleared, the data section could be still non-executable if\r
+ # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\r
+ # and/or EfiRuntimeServicesData.<BR>\r
+ # <BR>\r
# @Prompt Set image protection policy.\r
# @ValidRange 0x80000002 | 0x00000000 - 0x0000001F\r
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047\r
\r
## Set DXE memory protection policy. The policy is bitwise.\r
# If a bit is set, memory regions of the associated type will be mapped\r
- # non-executable.<BR><BR>\r
- #\r
+ # non-executable.<BR>\r
+ # If a bit is cleared, nothing will be done to associated type of memory.<BR>\r
+ # <BR>\r
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\r
# EfiReservedMemoryType 0x0001<BR>\r
# EfiLoaderCode 0x0002<BR>\r
# For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>\r
# For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require\r
# IA32 PAE is supported and Execute Disable Bit is available.<BR>\r
- # TRUE - to set NX for stack.<BR>\r
- # FALSE - Not to set NX for stack.<BR>\r
+ # <BR>\r
+ # TRUE - Set NX for stack.<BR>\r
+ # FALSE - Do nothing for stack.<BR>\r
+ # <BR>\r
+ # Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for\r
+ # EfiBootServicesData.<BR>\r
+ # <BR>\r
# @Prompt Set NX for stack.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f\r
\r
projects / mirror_edk2.git / blobdiff